This comment by Matt is too good to leave obscure in a WordPress bug report:

Fundamentally, I think the reason [automatic upgrade] should be core is that WordPress being used as, and has the responsibilities of, a platform. Therefore it’s useful to look at the evolution of a few of the other most successful platforms out there, I would consider the top 4 to be Windows, Mac OS X, Flash, and Firefox. Each has a built-in update mechanism that is essential to the security of its users and gives it, to varying degrees of success, extremely good upgrade rates. (I think Firefox is our closest analogue.)

We are all familiar with the high-profile WP blogs running old versions of the software, and what happens to them. If a blog is hacked or compromised people don’t care if it’s a 2-year-old version of WP, it reflects badly on us and permanently damages our reputation in their eyes. IMO it’s the biggest threat to WP today.

My biggest regret is that this issue has festered for so long, I think partially because I switched to SVN-managing all my blogs a long time ago and forgot what a pain it was to upgrade/install, even as streamlined as we’ve made the process.

Like anything, I expect this to be a feature iterated on and improved in future version of WP after the one it ships in, for example it might be cool to have it utilize native SVN commands if available, and a file MD5 check UI and diff viewer.

We’ve hooked a huge number of people on the power of WordPress because it’s so easy to get started with, let’s keep it working for them and not shooting them in the foot.

I think it’s safe to say that there will be a one click (few click) upgrade of WordPress in our future.